diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 0ed7420..8687b2c 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -72,7 +72,7 @@ class AccountController < PublicController
 
   # posts back
   def forgot_password
-    @change_password = ChangePasswordData.new(params[:change_password])
+    @change_password = ChangePassword.new(params[:change_password])
     if request.post?
       begin
         @change_password.confirm!
diff --git a/app/models/change_password.rb b/app/models/change_password.rb
index aa40485..ab57786 100644
--- a/app/models/change_password.rb
+++ b/app/models/change_password.rb
@@ -1,12 +1,22 @@
+# TODO: send an e-mail with a hash code to the task after the ChangePassword is creatd -> override messages from #Task
+
 class ChangePassword < Task
 
-  attr_accessor :login, :email
+  serialize :data, Hash
+  def data
+    self[:data] ||= {}
+  end
+
+  attr_accessor :login, :email, :password, :password_confirmation
+
+  ###################################################
+  # validations for creating a ChangePassword task 
+  
+  validates_presence_of :login, :email, :on => :create
 
-  validates_presence_of :login, :email
-  validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |obj| !obj.email.blank? })
+  validates_format_of :email, :on => :create, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |obj| !obj.email.blank? })
 
-  # 
-  validates_each :login do |data,attr,value|
+  validates_each :login, :on => :create do |data,attr,value|
     unless data.login.blank?
       user = User.find_by_login(data.login)
       if user.nil? 
@@ -19,16 +29,24 @@ class ChangePassword < Task
     end
   end
 
-  def initialize(hash = nil)
-    hash ||= {}
-    self.login = hash[:login] || hash['login']
-    self.email = hash[:email] || hash['email']
+  before_create do |change_password|
+    change_password.requestor = Person.find_by_identifier(change_password.login)
+  end
+
+  ###################################################
+  # validations for updating a ChangePassword task 
+
+  # only require the new password when actually changing it.
+  validates_presence_of :password, :on => :update
+
+  def initialize(*args)
+    super(*args)
+    self[:data] = {}
   end
 
-  def confirm!
-    raise ActiveRecord::RecordInvalid unless self.valid?
+  def perform
     user = User.find_by_login(self.login)
-    #ChangePassword.create!(:user_id => user.id)
+    user.force_change_password!(self.password, self.password_confirmation)
   end
 
 end
diff --git a/app/models/task.rb b/app/models/task.rb
index 096f4f1..33c57d3 100644
--- a/app/models/task.rb
+++ b/app/models/task.rb
@@ -29,6 +29,10 @@ class Task < ActiveRecord::Base
     self.status ||= Task::Status::ACTIVE
   end
 
+  after_create do |task|
+    TaskMailer.deliver_task_created(task)
+  end
+
   # this method finished the task. It calls #perform, which must be overriden
   # by subclasses. At the end a message (as returned by #finish_message) is
   # sent to the requestor with #notify_requestor.
@@ -53,6 +57,12 @@ class Task < ActiveRecord::Base
     end
   end
 
+  # The message that will be sent to the requestor of the task when the task is
+  # created.
+  def create_message
+    _("The task was created at %s") % Time.now
+  end
+
   # The message that will be sent to the requestor of the task when its
   # finished.
   def finish_message
diff --git a/app/models/task_mailer.rb b/app/models/task_mailer.rb
index 0100891..de98a09 100644
--- a/app/models/task_mailer.rb
+++ b/app/models/task_mailer.rb
@@ -1,21 +1,25 @@
 class TaskMailer < ActionMailer::Base
 
   def task_finished(task)
-    recipients task.requestor.email
-    from task.requestor.environment.contact_email
-    subject task.description
-    body :requestor => task.requestor.name,
-      :message => task.finish_message,
-      :environment => task.requestor.environment.name,
-      :url => url_for(:host => task.requestor.environment.default_hostname, :controller => 'home')
+    send_message(task, task.finish_message)
+  end
+
+  def task_created(task)
+    send_message(task, task.create_message)
   end
 
   def task_cancelled(task)
+    send_message(task, task.cancel_message)
+  end
+
+  protected
+
+  def send_message(task, message)
     recipients task.requestor.email
     from task.requestor.environment.contact_email
     subject task.description
     body :requestor => task.requestor.name,
-      :message => task.cancel_message,
+      :message => message,
       :environment => task.requestor.environment.name,
       :url => url_for(:host => task.requestor.environment.default_hostname, :controller => 'home')
   end
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 22ad595..095385a 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -182,6 +182,14 @@ class AccountControllerTest < Test::Unit::TestCase
     assert_response :success
   end
 
+  should 'respond to forgotten password change request' do
+    flunk 'not implemented yet'
+  end
+
+  should 'provide interface for entering new password to replace forgotten one' do
+    flunk 'not implemented yet'
+  end
+
   protected
     def create_user(options = {})
       post :signup, :user => { :login => 'quire', :email => 'quire@example.com', 
diff --git a/test/unit/change_password_test.rb b/test/unit/change_password_test.rb
index 3a44557..fd89fc1 100644
--- a/test/unit/change_password_test.rb
+++ b/test/unit/change_password_test.rb
@@ -52,4 +52,33 @@ class ChangePasswordTest < Test::Unit::TestCase
     assert !data.errors.invalid?(:email)
   end
 
+  should 'send a message with a URL so the user can enter the new password' do
+    User.destroy_all
+    User.create!(:login => 'testuser', :password => 'test', :password_confirmation => 'test', :email => 'test@example.com')
+
+    data = ChangePassword.new
+    data.login = 'testuser'
+    data.email = 'test@example.com'
+    data.save!
+  end
+
+  should 'actually change password' do
+    User.destroy_all
+    User.create!(:login => 'testuser', :password => 'test', :password_confirmation => 'test', :email => 'test@example.com')
+
+    change = ChangePassword.new
+    change.login = 'testuser'
+    change.email = 'test@example.com'
+    change.save!
+
+    user = User.new
+    user.expects(:force_change_password!).with('newpass', 'newpass')
+    User.expects(:find_by_login).with('testuser').returns(user)
+
+    change.password = 'newpass'
+    change.password_confirmation = 'newpass'
+    change.finish
+
+  end
+
 end
diff --git a/test/unit/task_test.rb b/test/unit/task_test.rb
index 9e0d7f8..d2045c3 100644
--- a/test/unit/task_test.rb
+++ b/test/unit/task_test.rb
@@ -6,6 +6,8 @@ class TaskTest < Test::Unit::TestCase
     ActionMailer::Base.delivery_method = :test
     ActionMailer::Base.perform_deliveries = true
     ActionMailer::Base.deliveries = []
+
+    TaskMailer.stubs(:deliver_task_created)
   end
 
   def test_relationship_with_requestor
@@ -49,14 +51,14 @@ class TaskTest < Test::Unit::TestCase
   end
 
   def test_should_notify_finish
-    TaskMailer.expects(:deliver_task_finished)
     t = Task.create
+    TaskMailer.expects(:deliver_task_finished).with(t)
     t.finish
   end
 
   def test_should_notify_cancel
-    TaskMailer.expects(:deliver_task_cancelled)
     t = Task.create
+    TaskMailer.expects(:deliver_task_cancelled).with(t)
     t.cancel
   end
 
@@ -80,4 +82,11 @@ class TaskTest < Test::Unit::TestCase
     assert_kind_of String, Task.new.description
   end
 
+  should 'notify just after the task is created' do
+    task = Task.new
+    TaskMailer.expects(:deliver_task_created).with(task)
+    task.save!
+  end
+
+
 end
--
libgit2 0.21.2